Dynamic network and security policy for IoT devices

US10601664B2 · US · B2

Patent metadata
Publication number: US-10601664-B2
Application number: US-201715582294-A
Country: US
Kind code: B2
Filing date: Apr 28, 2017
Priority date: Apr 28, 2017
Publication date: Mar 24, 2020
Grant date: Mar 24, 2020

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

In one embodiment, a network controller for a computer network receives details of a provisioned device and policy requirements for the provisioned device. The network controller may then determine, based on the details and policy requirements for the provisioned device, a plurality of network devices that the provisioned device is configured to communicate through, and may then translate the details and policy requirements for the provisioned device into a plurality of network-device-specific policies, each respective network-device-specific policy corresponding to one of the plurality of network devices that the provisioned device is configured to communicate through. As such, the network controller may then transmit a respective network-device-specific policy of the plurality of network-device-specific policies to the plurality of network devices that the provisioned device is configured to communicate through.

First claim

Opening claim text (preview).

What is claimed is:

1. A method, comprising: receiving, at a network controller for a computer network, details of a provisioned device; receiving, at the network controller, policy requirements for the provisioned device; determining, by the network controller based on the details and policy requirements for the provisioned device, a plurality of network devices along a path that the provisioned device is configured to communicate through, wherein the path is from the provisioned device to one or more application services that the provisioned device is configured to communicate with; translating, by the network controller, the details and policy requirements for the provisioned device into a plurality of network-device-specific policies, each respective network-device-specific policy corresponding to one of the plurality of network devices along the path that the provisioned device is configured to communicate through; and transmitting, from the network controller, a respective network-device-specific policy of the plurality of network-device-specific policies to the plurality of network devices along the path that the provisioned device is configured to communicate through.
2. The method as in claim 1, wherein determining the plurality of network devices that the provisioned device is configured to communicate through comprises: determining the path from the provisioned device to the one or more application services that the provisioned device is configured to communicate with; and determining the plurality of network devices based on the path.
3. The method as in claim 1, wherein the details and policy requirements for the provisioned device are based on a Manufacturer Usage Description (MUD) protocol exchange of the provisioned device.
4. The method as in claim 1, wherein receiving the details and policy requirements for the provisioned device comprises: receiving a communication from a policy engine that is located along a provisioning path between the provisioned device and a provisioning server.
5. The method as in claim 4, wherein the provisioned device is provisioned according to a Manufacturer Usage Description (MUD) protocol exchange with the provisioning server.
6. The method as in claim 1, wherein the provisioned device is an Internet of Things (IoT) device.
7. The method as in claim 1, wherein the plurality of network devices that the provisioned device is configured to communicate through are selected from a group consisting of: distribution switches; core switches; routers; firewalls; and servers.
8. The method as in claim 1, wherein the details of the provisioned device are selected from a group consisting of: an identification (ID) of the provisioned device; an Internet Protocol (IP) address of the provisioned device; a media access control (MAC) address of the provisioned device; a type of the provisioned device; a class of the provisioned device; and a manufacturer of the provisioned device.
9. The method as in claim 1, wherein the policy requirements for the provisioned device are selected from a group consisting of: an access level for the provisioned device; a bandwidth requirement for the provisioned device; and a quality-of-service (QoS) requirement for the provisioned device.
10. The method as in claim 1, wherein the plurality of network-device-specific policies are selected from a group consisting of: an access control list (ACL) entry for the provisioned device; a quality-of-service (QoS) requirement for the provisioned device; and a security policy for the provisioned device.
11. An apparatus, comprising: one or more network interfaces configured to communicate in a computer network; a processor coupled to the network interfaces and adapted to execute one or more processes; and a memory configured to store a process executable by the processor, the process when executed operable to: receive details of a provisioned device; receive policy requirements for the provisioned device; determine, based on the details and policy requirements for the provisioned device, a plurality of network devices along a path that the provisioned device is configured to communicate through, wherein the path is from the provisioned device to one or more application services that the provisioned device is configured to communicate with; translate the details and policy requirements for the provisioned device into a plurality of network-device-specific policies, each respective network-device-specific policy corresponding to one of the plurality of network devices along the path that the provisioned device is configured to communicate through; and transmit a respective network-device-specific policy of the plurality of network-device-specific policies to the plurality of network devices along the path that the provisioned device is configured to communicate through.
12. The apparatus as in claim 11, wherein the process when executed to determine the plurality of network devices that the provisioned device is configured to communicate through is further operable to: determine the path from the provisioned device to the one or more application services that the provisioned device is configured to communicate with; and determine the plurality of network devices based on the path.
13. The apparatus as in claim 11, wherein the details and policy requirements for the provisioned device are based on a Manufacturer Usage Description (MUD) protocol exchange of the provisioned device.
14. The apparatus as in claim 11, wherein the process when executed to receive the details and policy requirements for the provisioned device is further operable to: receive a communication from a policy engine that is located along a provisioning path between the provisioned device and a provisioning server.
15. The apparatus as in claim 14, wherein the provisioned device is provisioned according to a Manufacturer Usage Description (MUD) protocol exchange with the provisioning server.
16. The apparatus as in claim 11, wherein the provisioned device is an Internet of Things (IoT) device.
17. The apparatus as in claim 11, wherein the plurality of network devices that the provisioned device is configured to communicate through are selected from a group consisting of: distribution switches; core switches; routers; firewalls; and servers.
18. A tangible, non-transitory, computer-readable medium storing program instructions that cause a computer to execute a process comprising: receiving details of a provisioned device; receiving policy requirements for the provisioned device; determining, based on the details and policy requirements for the provisioned device, a plurality of network devices along a path that the provisioned device is configured to communicate through, wherein the path is from the provisioned device to one or more application services that the provisioned device is configured to communicate with; translating the details and policy requirements for the provisioned device into a plurality of network-device-specific policies, each respective network-device-specific policy corresponding to one of the plurality of network devices along the path that the provisioned device is configured to communicate through; and transmitting a respective network-device-specific policy of the plurality of network-device-specific policies to the plurality of network devices along the path that the provisioned device is configured to communicate through.
19. The computer-readable medium as in claim 18, wherein the process when executed t
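The controller step the abstract and claims 1, 2 and 7 to 10 describe (take the provisioned device's details and policy requirements, find the network devices on the path to its application service, and render one device-specific policy per hop) can be illustrated with a small model. The following is an added example, not code from the patent or its assignee: the topology, the device roles, the simplified MUD-like device record and the policy vocabulary (ACL lines, a QoS policer, a firewall rule, a server allowlist) are all constructed assumptions; a real MUD file per RFC 8520 carries YANG-modelled ACLs rather than this flat dictionary.

```python
"""Translate a provisioned IoT device's details and policy requirements into
per-hop, device-specific policies along the path to its application service.

Added worked example; not the patent's or Cisco's code. Topology, device
record and policy vocabulary are constructed assumptions for illustration.
"""
from collections import deque

# Constructed topology: each network device has a role (the claim 7 classes)
# and its neighbours. The role decides which policy form the hop receives.
TOPOLOGY = {
    "access-sw1": {"role": "distribution switch", "links": ["core-sw1"]},
    "core-sw1": {"role": "core switch", "links": ["access-sw1", "rtr1"]},
    "rtr1": {"role": "router", "links": ["core-sw1", "fw1"]},
    "fw1": {"role": "firewall", "links": ["rtr1", "app-srv"]},
    "app-srv": {"role": "server", "links": ["fw1"]},
}

# Constructed, simplified MUD-style record: the claim 8 details plus the
# claim 9 policy requirements, as a policy engine might hand them to the
# controller after the device's MUD exchange.
THERMOSTAT = {
    "id": "thermostat-42",
    "ip": "10.20.30.40",
    "mac": "00:11:22:33:44:55",
    "type": "thermostat",
    "manufacturer": "ExampleCo",
    "attached_to": "access-sw1",
    "allowed_services": [
        {"host": "app-srv", "ip": "192.0.2.10", "port": 443, "proto": "tcp"},
    ],
    "policy": {"access_level": "restricted",
               "bandwidth_kbps": 256,
               "qos_class": "best-effort"},
}


def find_path(topology, src, dst):
    """Breadth-first search; returns the hop sequence src..dst inclusive."""
    prev = {src: None}
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:
                path.append(node)
                node = prev[node]
            return path[::-1]
        for nxt in topology[node]["links"]:
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    raise ValueError(f"no path from {src} to {dst}")


def policy_for_hop(hop, role, device, service):
    """Render the device-specific policy for one network device on the path."""
    src, dst = device["ip"], service["ip"]
    out = {"device": hop, "for": device["id"]}
    if role in ("distribution switch", "core switch", "router"):
        # ACL entry: permit only the declared service; a restricted access
        # level additionally denies everything else from this source.
        acl = [f"permit {service['proto']} host {src} host {dst} eq {service['port']}"]
        if device["policy"]["access_level"] == "restricted":
            acl.append(f"deny ip host {src} any")
        out["acl"] = acl
        # QoS requirement becomes a per-device class and policer.
        out["qos"] = {"class": device["policy"]["qos_class"],
                      "police_kbps": device["policy"]["bandwidth_kbps"]}
    elif role == "firewall":
        out["rule"] = {"action": "allow", "src": src, "dst": dst,
                       "dport": service["port"], "proto": service["proto"]}
    elif role == "server":
        out["allowlist"] = [src]
    return out


def translate(topology, device):
    """Controller step: path per allowed service, then one policy per hop.

    Returns {hop: [policy, ...]}; each hop would be sent only its own entry.
    """
    policies = {}
    for service in device["allowed_services"]:
        path = find_path(topology, device["attached_to"], service["host"])
        for hop in path:
            role = topology[hop]["role"]
            policies.setdefault(hop, []).append(
                policy_for_hop(hop, role, device, service))
    return policies


if __name__ == "__main__":
    for hop, pols in translate(TOPOLOGY, THERMOSTAT).items():
        print(hop, pols)
```

The defender-side point is that every hop on the path receives a policy scoped to this one device and its declared service, so a device that later tries to reach anything else is blocked at the first switch rather than only at the firewall; a real controller would also have to withdraw these entries when the device is deprovisioned or its MUD description changes.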

Assignees

Cisco Tech Inc

Inventors

Classifications

  • Service provisioning or reconfiguring · CPC title

  • Access control lists [ACL] · CPC title

  • for managing network security; network security policies in general (filtering policies H04L63/0227) · CPC title

  • Services for machine-to-machine communication [M2M] or machine type communication [MTC] · CPC title

  • Firewall traversal, e.g. tunnelling or, creating pinholes · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10601664B2 cover?
In one embodiment, a network controller for a computer network receives details of a provisioned device and policy requirements for the provisioned device. The network controller may then determine, based on the details and policy requirements for the provisioned device, a plurality of network devices that the provisioned device is configured to communicate through, and may then translate the d…
Who is the assignee on this patent?
Cisco Tech Inc
What technology area does this patent fall under?
Primary CPC classification H04L41/0853. Mapped technology areas include Electricity.
When was this patent published?
Publication date: Mar 24, 2020 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 5 related publications on this page (citations in our corpus or others sharing the same primary CPC).