AUTOMATIC LINK SECURITY

US 20180013798A1
Filed: 07/07/2016
Published: 01/11/2018
Est. Priority Date: 07/07/2016
Status: Abandoned Application

First Claim

Patent Images

1. A computer-implemented method comprising:

receiving, in a controller associated with a network, a signal indicating that an unauthenticated device is requesting access to the network;

establishing a connection between the unauthenticated device and the controller;

receiving, through the connection, device identification information;

determining, by the cloud controller using the device identification information, that the device is associated with the network;

negotiating, by the controller, security material for automatically authenticating the device with the network; and

causing the network to adopt a trusted policy for allowing the automatically-authenticated device to access the network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems, methods, and computer-readable storage media for automatic link security. A cloud controller can receive a signal indicating that an unauthenticated device is requesting private network resources, establish a connection between the unauthenticated device and the cloud controller, and determine that the unauthenticated device is associated with a private network. The cloud controller can facilitate the negotiation of security material between the device and the network and automatically establish a secure link between the device and the private network. The cloud controller can cause the security material to be sent to the device and can transmit a policy instruction that is effective to cause a switch port to automatically bypass a default access policy and automatically adopt a trusted policy for device to access the private network.

78 Citations

View as Search Results

20 Claims

1. A computer-implemented method comprising:
- receiving, in a controller associated with a network, a signal indicating that an unauthenticated device is requesting access to the network;
  
  establishing a connection between the unauthenticated device and the controller;
  
  receiving, through the connection, device identification information;
  
  determining, by the cloud controller using the device identification information, that the device is associated with the network;
  
  negotiating, by the controller, security material for automatically authenticating the device with the network; and
  
  causing the network to adopt a trusted policy for allowing the automatically-authenticated device to access the network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The computer-implemented method of claim 1, wherein the signal indicating that an unauthenticated device is requesting access to the network is received from a switch controller for a switch port associated with the network after the unauthenticated device is coupled with the switch port.
  - 3. The computer-implemented method of claim 2, wherein the controller comprises a cloud controller and the switch controller is part of the cloud controller.
  - 4. The computer-implemented method of claim 2, further comprising;
    - after receiving the signal indicating that the unauthenticated device is requesting access to the network, sending a bypass instruction to the switch port, wherein the bypass instruction is effective for causing the switch port to bypass a default port-based network access control (PNAC) policy that limits network access to unknown devices and that allows unknown devices to establish a connection between the device and the controller.
  - 5. The computer-implemented method of claim 2, wherein causing the network to adopt the trusted policy further comprises sending the security material to the device through a tunnel, wherein the security material is used by the device to authenticate the device according to a default port-based network access control (PNAC) policy.
  - 6. The computer-implemented method of claim 2, wherein causing the network to adopt the trusted policy further comprises sending, to the switch port controller, a policy instruction that is effective to cause the switch port to automatically bypass a default port-based network access control (PNAC) policy and automatically adopt a trusted policy for automatically-authenticated device to access the network.
  - 7. The computer-implemented method of claim 2, wherein the trusted policy further causes the switch port to revert to the default port-based network access control (PNAC) policy when the automatically-authenticated device is removed from the switch port.
  - 8. The computer-implemented method of claim 2, wherein the network comprises a private network with access to public network resources and private network resources, wherein the switch port has a default port-based network access control (PNAC) policy that involves granting the unauthenticated device access to the public network resources, and wherein the trusted policy involves granting the automatically-authenticated device access to the public network resources and access to the private network resources.
  - 9. The computer-implemented method of claim 2, wherein establishing a connection between the unauthenticated device and the controller comprises:
    - receiving a request from the unauthenticated device to establish a tunnel between the unauthenticated device and the controller; and
      
      establishing the tunnel between the unauthenticated device and the controller.
  - 10. The computer-implemented method of claim 9, wherein the request from the unauthenticated device to establish the tunnel between the unauthenticated device and the controller is received through an device controller that is separate from the controller.

11. A cloud controller on a network, the cloud controller comprising:
- a processor; and
  
  a computer-readable storage medium having stored therein instructions which, when executed by the processor, cause the processor to perform operations comprising;
  
  receiving a signal indicating that an unauthenticated access point is requesting access to the network;
  
  establishing a connection between the between the unauthenticated access point and the cloud controller;
  
  receiving, through the connection, access point identification information;
  
  determining, using the access point identification information, that the access point is associated with the network;
  
  negotiating security material for automatically authenticating the access point with the network; and
  
  causing the network to adopt a trusted policy for allowing the automatically-authenticated access point to access the network.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The cloud controller of claim 11, wherein the signal indicating that an unauthenticated access point is requesting access to the network is received from a switch controller for a switch port associated with the network after the unauthenticated access point is coupled with the switch port.
  - 13. The cloud controller of claim 12, wherein the switch controller is part of the cloud controller.
  - 14. The cloud controller of claim 12, wherein causing the network to adopt the trusted policy further comprises sending the security material to the access point through the tunnel, wherein the security material is used by the access point to authenticate the access point according to a default port-based network access control (PNAC) policy.
  - 15. The cloud controller of claim 12, wherein causing the network to adopt the trusted policy further comprises sending, to the switch port controller, a policy instruction that is effective to cause the switch port to automatically bypass a default port-based network access control (PNAC) policy and automatically adopt a trusted policy for automatically-authenticated access point to access the network.
  - 16. The cloud controller of claim 12, wherein the trusted policy further causes the switch port to revert to the default port-based network access control (PNAC) policy when the automatically-authenticated access point is removed from the switch port.

17. A non-transitory computer-readable storage medium having stored therein instructions which, when executed by a processor in a cloud controller associated with a network, cause the processor to perform operations comprising:
- receiving a signal from a switch port controller associated with a switch port in the network, the signal indicating that an unauthenticated access point is requesting access to the network through the switch port;
  
  establishing a secure tunnel connection between the between the unauthenticated access point and the cloud controller;
  
  receiving, through the secure tunnel connection, access point identification information;
  
  determining, using the access point identification information, that the unauthenticated access point is associated with the network;
  
  negotiating security material for automatically authenticating the access point with the network; and
  
  sending, to the switch controller, a policy instruction that is effective to cause the switch port to automatically bypass a default port-based network access control (PNAC) policy and automatically adopt a trusted policy for the access point to access the network and to revert to the default PNAC policy when the access point is removed from the switch port.
- View Dependent Claims (18, 19, 20)
- - 18. The non-transitory computer-readable storage medium of claim 17, wherein causing the automatically-authenticated access point and the network to adopt the trusted policy further comprises sending the security material to the access point through the tunnel, wherein the security material is used by the access point to authenticate the access point according to a default port-based network access control (PNAC) policy.
  - 19. The non-transitory computer-readable storage medium of claim 17, wherein causing the automatically-authenticated access point and the network to adopt the trusted policy further comprises sending, to the switch port controller, a policy instruction that is effective to cause the switch port to automatically bypass a default port-based network access control (PNAC) policy and automatically adopt a trusted policy for automatically-authenticated access point to access the network.
  - 20. The non-transitory computer-readable storage medium of claim 17, wherein the trusted policy further causes the switch port to revert to the default port-based network access control (PNAC) policy when the automatically-authenticated access point is removed from the switch port.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Pallas, Derrick

Application Number

US15/204,064
Publication Number

US 20180013798A1
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 47/193   at the transport layer, e.g...

H04L 63/0876   based on the identity of th...

H04L 63/205   involving negotiation or de...

AUTOMATIC LINK SECURITY

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

78 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

AUTOMATIC LINK SECURITY

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

78 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links