Patents by Inventor Rashmikant B. Shah
Rashmikant B. Shah has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11909741Abstract: In one embodiment, a device in a network receives an access policy and a class behavioral model for a node in the network that are associated with a class asserted by the node. The device applies the access policy and class behavioral model to traffic associated with the node. The device identifies a deviation in a behavior of the node from the class behavioral model, based on the application of the class behavioral model to the traffic associated with the node. The device causes performance of a mitigation action in the network based on the identified deviation in the behavior of the node from the class behavioral model.Type: GrantFiled: May 26, 2021Date of Patent: February 20, 2024Assignee: CISCO TECHNOLOGY, INC.Inventors: Brian E. Weis, Blake Harrell Anderson, Rashmikant B. Shah, David McGrew
-
Publication number: 20210297454Abstract: In one embodiment, a device in a network receives an access policy and a class behavioral model for a node in the network that are associated with a class asserted by the node. The device applies the access policy and class behavioral model to traffic associated with the node. The device identifies a deviation in a behavior of the node from the class behavioral model, based on the application of the class behavioral model to the traffic associated with the node. The device causes performance of a mitigation action in the network based on the identified deviation in the behavior of the node from the class behavioral model.Type: ApplicationFiled: May 26, 2021Publication date: September 23, 2021Inventors: Brian E. Weis, Blake Harrell Anderson, Rashmikant B. Shah, David McGrew
-
Patent number: 11038893Abstract: In one embodiment, a device in a network receives an access policy and a class behavioral model for a node in the network that are associated with a class asserted by the node. The device applies the access policy and class behavioral model to traffic associated with the node. The device identifies a deviation in a behavior of the node from the class behavioral model, based on the application of the class behavioral model to the traffic associated with the node. The device causes performance of a mitigation action in the network based on the identified deviation in the behavior of the node from the class behavioral model.Type: GrantFiled: May 15, 2017Date of Patent: June 15, 2021Assignee: Cisco Technology, Inc.Inventors: Brian E. Weis, Blake Harrell Anderson, Rashmikant B. Shah, David McGrew
-
Patent number: 10601664Abstract: In one embodiment, a network controller for a computer network receives details of a provisioned device and policy requirements for the provisioned device. The network controller may then determine, based on the details and policy requirements for the provisioned device, a plurality of network devices that the provisioned device is configured to communicate through, and may then translate the details and policy requirements for the provisioned device into a plurality of network-device-specific policies, each respective network-device-specific policy corresponding to one of the plurality of network devices that the provisioned device is configured to communicate through. As such, the network controller may then transmit a respective network-device-specific policy of the plurality of network-device-specific policies to the plurality of network devices that the provisioned device is configured to communicate through.Type: GrantFiled: April 28, 2017Date of Patent: March 24, 2020Assignee: Cisco Technology, Inc.Inventors: Kannan Kumar, Brian E. Weis, Rashmikant B. Shah, Manoj Kumar Nayak
-
Patent number: 10298581Abstract: In one embodiment, an authorized signing authority server receives an authenticity request from a security registrar to vouch for authenticity of a particular device. Based on receiving the authenticity request, the authorized signing authority server may then determine an authenticity state of the particular device, and may also request a device provisioning file for the particular device from a device provisioning server, the device provisioning file defining one or more network security policies for the particular device. Upon receiving the device provisioning file from the device provisioning server, the authorized signing authority server may then return the authenticity state and the device provisioning file for the particular device to the security registrar, causing the security registrar to complete authentication of the particular device based on the authenticity state and the device provisioning file.Type: GrantFiled: April 28, 2017Date of Patent: May 21, 2019Assignee: Cisco Technology, Inc.Inventors: Rashmikant B. Shah, Brian E. Weis, Kannan Kumar, Manoj Kumar Nayak
-
Publication number: 20190089747Abstract: A process to protect secure communication sessions from a network device that may have been subjected to a malicious network attack or otherwise the source of malicious network traffic. A cellular-connected network device, such as an IoT gateway, may receive data from one or more IoT devices. The cellular-connected network device may also communicate with a datacenter via a communication tunnel. The network device may include a usage profile reference. The network device, before transmitting data received from the IoT devices, may transmit the usage profile reference to the datacenter for authentication purposes. The datacenter may use the usage profile reference to resolve a usage profile that the usage profile reference references. Using the usage profile, the datacenter may negotiate with the cellular-connected network device to restrict the types of data that is transmitted between the datacenter and the cellular-connected network device.Type: ApplicationFiled: September 19, 2017Publication date: March 21, 2019Inventors: Wenyi Wang, Rashmikant B. Shah, Brian Weis, Michael L. Sullenberger, Yuan Cai
-
Publication number: 20180332053Abstract: In one embodiment, a device in a network receives an access policy and a class behavioral model for a node in the network that are associated with a class asserted by the node. The device applies the access policy and class behavioral model to traffic associated with the node. The device identifies a deviation in a behavior of the node from the class behavioral model, based on the application of the class behavioral model to the traffic associated with the node. The device causes performance of a mitigation action in the network based on the identified deviation in the behavior of the node from the class behavioral model.Type: ApplicationFiled: May 15, 2017Publication date: November 15, 2018Inventors: Brian E. Weis, Blake Harrell Anderson, Rashmikant B. Shah, David McGrew
-
Publication number: 20180316563Abstract: In one embodiment, a network controller for a computer network receives details of a provisioned device and policy requirements for the provisioned device. The network controller may then determine, based on the details and policy requirements for the provisioned device, a plurality of network devices that the provisioned device is configured to communicate through, and may then translate the details and policy requirements for the provisioned device into a plurality of network-device-specific policies, each respective network-device-specific policy corresponding to one of the plurality of network devices that the provisioned device is configured to communicate through. As such, the network controller may then transmit a respective network-device-specific policy of the plurality of network-device-specific policies to the plurality of network devices that the provisioned device is configured to communicate through.Type: ApplicationFiled: April 28, 2017Publication date: November 1, 2018Inventors: Kannan Kumar, Brian E. Weis, Rashmikant B. Shah, Manoj Kumar Nayak
-
Publication number: 20180316673Abstract: In one embodiment, an authorized signing authority server receives an authenticity request from a security registrar to vouch for authenticity of a particular device. Based on receiving the authenticity request, the authorized signing authority server may then determine an authenticity state of the particular device, and may also request a device provisioning file for the particular device from a device provisioning server, the device provisioning file defining one or more network security policies for the particular device. Upon receiving the device provisioning file from the device provisioning server, the authorized signing authority server may then return the authenticity state and the device provisioning file for the particular device to the security registrar, causing the security registrar to complete authentication of the particular device based on the authenticity state and the device provisioning file.Type: ApplicationFiled: April 28, 2017Publication date: November 1, 2018Applicant: Cisco Technology, Inc.Inventors: Rashmikant B. Shah, Brian E. Weis, Kannan Kumar, Manoj Kumar Nayak